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(54) Portable card medium, method for managing memory space of portable card medium, 

method for Issuing portable card medium, method for writing program data on portable card 
medium, and computer readable recording medium with memory space management 
program recorded therein 



(57) In a portable card medium used for an IC card 
capable of realizing a plurality of application functions, 
the portable card medium includes an accepting mech- 
anism (4) to accept an applicatbn processing request 
from a host apparatus (7), an area control mechanism 
(5) to extract an area (2) of a memory for processing 
corresponding to the application processing request ac- 
cepted by the accepting mechanism (4). and request the 
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executing mechanism (3) to perform the processing in 
the extracted area (2), and an area monitoring mecha- 
nism (6) to take as input information of an area having 
access during program execution in the executing 
mechanism (3), and monitor whether or not the process- 
ing in the executing mechanism (3) Is being performed 
In the area (2) extracted by the area control mechanism 
(5), thereby preventing data to be managed by other ap- 
plication functions from being fetched. 
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user makes a payment by the money information the 

Description information of paid money is transferred to a creditor. 

^..-r.^K. The svstem allows various types of commercial trans- 

RArKGROl IMP OF THE INVENTION SoSt be mtde without delivery and receipt of cash 

5 and adoption Of credit management. 

(1) Field of the invention Meanwhile, a commonly used type is the IC 

(00011 The present invention rentes to a ..rtahle 

cardmedium8uitableforuseinanlC(lntegratedC.rcu.t) Z''^^l^^^Z^,^Zacl^^ 

card whK:h can realize a plurainy of aPP«oat.on Jur«- t^e « ^^^^^^^^ speed ^ 

tions, and to a method for managing a memory space io tral P^J«^^"9 "J^^ h ^^^^^^ ^ 

of the portable card medium, a method for issuing the ^Jj^'STe'n Conducted of an IC card having a plu- 

portablecardmedlum.andamethodforwritingprogram ''"J'^^^' ^""rtirfun^^^^^^ 

Sataontheportablecardmedium Further.the^vention '^^^^ ^^^'^ZT^,, i„ ^ich onty the single 

.elates to a computer readab~ ^°7at^rnc:^'is available, a prograrn for rea«^^^^^ 

amcmory space management program recorded tnere j^^; application function is previously written on hard- 

ware i e.. the ROM 101a of the IC card 100. 

„ , , ^ fooill On the other hand, the IC card may have the 

(2) Descnplion of the Related Art i^^^^^^^^ application functions (multi-application tunc- 

lOOOa, An.Ccard.aportab.eca.mediuminc.uding — r^^^^^^^ 

.agnet. recording card, and - Persona.^^e^^^^^^^^^^^ lect an ^PP^^^^^ „ ^3,, ^ 

in recording of personal inf om,atK>n. and so «>rth. Thus. ^^^^ ^.^^ the program for realizing the de- 

by connocfng the IC card to a host apparatus ".s pos- '^^''^^^ „ J^.^ ^ ^ ,C card, thereafter us- 

slble to realize application processing as an extension ^^^J^^^^ ^ ^ulti-function IC card 

of processing in the ^^aQnetjc recording c^^^^ 9 ,^ 33 3 

[0003] That is, as described above, in the IC ca^. rt l» J 3,j^y ^ 

is possible to provide a 9-'^ ^^^-apa^^^^^ Z^^^^^ -^ ^'^^ ^^'^ 

that of the magnetic recording card and enhance a se app processed and managed by 

curity function of recorded personal information (the se- ory ^^nce, data to be managed 

curity function of protecting the personal information. ^^^^^^^^^Z aocssUe to and fetched by 

and so forth). ^ . ir^ annther orooram In such a case, there is a problem in 

portion 1 02 having the function of interfacing with the stored data. 

outsideofthecard,andamemoryl03fordatastorage. ,^,^,.ry OF THE IN VENTION 

[0005] Forexample.anerasableprogrammableread- SUMMARY OF THE iNVbiM i 

onlymemon^(EPROI^)isus©das thememo,y m ,„ view of the foregoing problems, is objects 
[0006] The CPU 101 includes a ROM (Read On y l"^'*^ ^^g^^j j^^^tion to provide a portable card me- 
Memory)l01acontainingaprogramfordriv.ngtheCPU PXriro^ertomLtainasecurin^ 
101.aRAM(Random AccessMemory)101bconta,n,ng f'T^^''^^^^^^^^^^ operation of a CPU is re- 
data used for program execute, a co^^^^^^^ S^yp;retram"m^^ 
tomakeacontrolsuchasvanouscommandprcxess^ a program for realizing one application function, thereby 
according to the program recorded in the ROM 101a, ^P^'J""'" to be managed by other application 
and an operatKx, part lOld to perfomt an operation on JJ^^^J^^^^^^^^^^ I for managing a 
t^ta. „ space of the portable card medium, a method 
[0007] in recent years, ''ll'l'^'^^Z tor L^ng the portable card medium, a method for writ- 
development *^as progressed on a ^stem^.^^^^^^^ g^ ^P^ ^ ^^^^^^^ ^^^^^ ^ 
electronic money is used insteadof cash^ Since various ^ ^ ^^le recording medium with a memory 
quaners have tried experiments on -h an e^^^^^^^^ ^etln'g^ent program'reco^ed therein, 
money system, quick progression of the system has JP^^^ '^^^.f^^ding to the present invention, for achiev- 
been made toward a practical staga above-mentioned objects, there is provided a 
[0008] Here, in the electron ic mc^neysys^^^^^^^ '"'rtable card medium in which a memory contains a plu- 
tronic money information equivalent ^ cash -nfo^^^^ ^701 programs to be executed in response to various 
tion about an amount of money in user's hand) is trans ^'"^^ °3,P,„;,ocessing requests from a host apparatus 
,erredtothelCcardheldbyauserthrough,forexa^^^^ S^'^^for execuL of the programs, and the 
an automated teller machine (ATM) of a bank. When the and data usea to 
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respective programs are executed in an executing 
mechanism depending upon the stored programs and 
data, thereby processing a desired application process- 
ing request from the host apparatus. Further, the porta- 
ble card medium includes an accepting mechanism to 
accept the application processing request from the host 
apparatus, an area control mechanism to extract an ar- 
ea of the memory for processing corresponding to the 
application processing request accepted by the accept- 
ing mechanism, and request the executing mechanism 
to perform the processing in the extracted area, and an 
area monitoring mechanism to take as input information 
of an area having access during the execution of the 
program In the executing mechanism, and monitor 
whether or not the processing in the executing mecha- 
nism is performed in the area extracted by the area con- 
trol mechanism. 

[0016] Thus, according to the present invention, It Is 
possible to set, corresponding to the area of the mem- 
ory, an access space for the operation of an access con- 
trol, a command space for the operation of a command, 
and a supen/isory control space for a supervisory con- 
trol of processing in the access space and the command 
space. When the processing request from the host ap- 
paratus is accepted in the supen/isory control space, the 
operation can be transferred from the supervisory con- 
trol space to the access space or the command space 
such that the executing mechanism can process the 
processing request. Hence, in order to maintain the se- 
curity function of the stored data, an area for the oper- 
ation of the executing mechanism is restrictively preset 
in the memory at a time of execution of the program for 
realizing one application function. It Is thereby possible 
to prevent data to be managed by other application func- 
tions from being fetched. As a result. It Is possible to 
protect encryption algorithm/key/cryptographic 
processing unique to each application from falsification 
through other applications. 

[0017] Further, according to the present invention, 
there is provided a method for managing a memory 
space of a portable card medium in which a memory 
contains a plurality of programs to be executed In re- 
sponse to various application processing requests from 
the host apparatus and data used for execution of the 
programs, and the programs are executed In the exe- 
cuting mechanism depending upon the stored programs 
and data, thereby processing a desired application 
processing request from the host apparatus. The meth- 
od for managing the memory space of the portable card 
medium Includes the steps of setting, corresponding to 
the area of the memory, the access space for storage 
of the data used by the application and for the operation 
of the access control In the program, the command 
space= for the operation of the command used for 
processing other than the access control in the program, 
and the supervisory control space for the supervisory 
control of the processing in the access space and the 
command space, and transferring, when the processing 



request from the host apparatus Is accepted in the su- 
pervisory control space, the operation from the supervi- 
sory control space to the access space or the command 
space such that the executing mechanism can process 
s the processing request. 

[0018] Consequently, according to the present inven- 
tion, it is possible to set, corresponding to the area of 
the memory, the access space for the operation of the 
access control, the command space for the operation of 
the command, and the supen^isory control space for the 
supervisory control of the processing In the access 
space and the command space. When the processing 
request from the host apparatus Is accepted In the su- 
pervisory control space, the operation can be trans- 
ferred from the supervisory control space to the access 
space or the command space such that the executing 
mechanism can process the processing request. 
Hence, in order to maintain the security function of the 
stored data, the area for the operation of the executing 
mechanism Is restrictively preset in the memory at the 
time of execution of the program for realizing one appli- 
cation function. It is thereby possible to prevent the data 
to be managed by other application functions from being 
fetched. As a result, it is possible to protect the encryp- 
tion algorithm/key/cryptographlc processing unique to 
each application from falsification through other appli- 
cations. 

[0019] In addition, according to the present Invention, 
there is provided a method for issuing a portable card 
medium in which a memory contains a plurality of pro- 
grams to be executed In response to various application 
processing requests from the host apparatus and data 
used for execution of the programs, and the programs 
are executed in the executing mechanism depending 
upon the stored programs and data, thereby processing 
a desired application processing request from the host 
apparatus. When the portable card medium is issued, 
the method includes an authentication information post- 
ing step of posting authentication information Inherent 
In the host apparatus capable of Issuing the card medi- 
um to an extemat card medium containing authentica- 
tion information, a collation declsbn step of, In the ex- 
ternal card medium, collating for authentication the au- 
thentication Information posted in the authentication In- 
formation posting step with the authentication infomna- 
tion stored In the external card medium, and deciding 
whether or not the card medium can be issued through 
the host apparatus, and an issuing step of issuing the 
desired card medium through the host apparatus when 
it is decided that the card medium can be issued as a 
result of decision in the collation decision step. 
[0020] Consequently, according to the present inven- 
tion, the nnethod Includes the authentication information 
posting step, the collation decision step, and the issuing 
step. Since the authentication Information is set when 
the portable card medium is manufactured, there Is an 
advantage in that, for example, falsification of the medi- 
um can be avoided for a period from the manufacture to 
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the Issue of the card. In addition, since the authentica- 
tion is performed based upon the external apparatus, 
there is another advantage in that, for example, an im- 
portant program can be written by only an application 
manager, and so forth. 

[0021] Further, according to the present invention, 
there is provided a method tor writing program data on 
a portable card medium in which a memory contains a 
plurality of programs to be executed in response to var- 
ious application processing requests from the host ap- 
paratus and data used for execution of the programs, 
and the programs are executed in the executing mech- 
anism depending upon the stored programs and data, 
thereby processing the desired application processing 
request from the host apparatus. When an external ap- 
paratus writes the program data on the memory of the 
portable card medium, the method includes an authen- 
iicatlon information posting step of posting authentica- 
tion information of the external apparatus to the card 
medium and posling aulhenlicalion information of the 
cdid medium to the external apparatus, a collation de- 
cision step of, in the external apparatus, collating for au- 
thentication the authentication information posted from 
the card medium with the authentication infornr^tion 
stored in the external apparatus, and, in the card medi- 
um, collating for authentication the authentication infor- 
mation posted from the external apparatus with the au- 
thentication information stored in the card medium, and 
deciding whether a write operation of the program data 
by the external apparatus is to be enabled or disabled, 
and a write operation step of. in the card medium, per- 
forming the write operation through the external appa- 
ratus when it is decided that the program data can be 
written as a result of decision in the collation decision 
step. 

[0022] Consequently, according to the present inven- 
tion, the method includes the authentication information 
posting step, the collation decision step, and the write 
operation step. Since the authentication information is 
set when the portable card medium is manufactured, 
there is an advantage in that, for example, falsification 
of the medium can be avoided tor a period from the man- 
ufacture to the issue of the card. In addition, since the 
authentication is performed based upon the external ap- 
• paratus. there is another advantage in that, for example, 
an important program can be written by only an appli- 
cation manager, and so forth. 

[0023] Further, there is provided a computer readable 
recording medium with a memory space management 
program recorded therein according to the present in- 
vention. In a computer, a memory contains a plurality of 
programs to be executed in response to various appli- 
cation processing requests from a host apparatus and 
data used for execution of the programs, and the pro- 
grams are executed in an executing mechanism de- 
pending upon the stored programs and data, thereby 
processing the desired application processing request 
from the host apparatus. When a memory space is man- 



aged in the computer, the memory space management 
program causes the computer to realize a space setting 
function of setting in an area of the memory an access 
space for storage of data used by the application and 
5 for the operation of an access control in the program, a 
command space for the operation of a command for 
processing otherthan the access control in the program, 
and a supervisory control space for a supen^isory con- 
trol of processing in the access space and the command 
10 space, and a space control function of transferring, 
when a processing request from the host apparatus is 
accepted in the supen/isory control space, the operation 
from the supervisory control space to the access space 
or the command space such that the executing mecha- 
15 nism can process the processing request. 

[0024] Consequently, according to the present inven- 
tion, it is possible to set. corresponding to the area of 
the memory, the access space for the operation of the 
access control, the command space for the operation of 
20 the command, and the supen^isory control space for the 
supervisory control of the processing in the access 
space and the command space. When the processing 
request from the host apparatus is accepted in the su- 
pervisory control space, the operation can be trans- 
25 ferred from the superv/isory control space to the access 
space or the command space such that the executing 
mechanism can process the processing request. 
Hence, in order to maintain a security function of the 
stored data, the area for the operation of the executing 
30 mechanism is restrictlvely preset in the memory at the 
time of execution of the program for realizing one appli- 
cation function. It is thereby possible to prevent the data 
to be managed by other application functions from being 
fetched. As a result, it is possible to protect the encryp- 
35 tlon algorithm/key/cryptographic processing unique to 
each application from falsification through other appli- 
cations. 
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Fig. 1 is a block diagram showing an aspect of the 
present invention; 

Fig. 2 is a block diagram showing an IC card ac- 
cording to one embodiment of the present inven- 
tion; 

Fig. 3 is a diagram showing connections between 
host apparatuses and the 10 card for realizing var- 
ious application systems according to the embodi- 
ment; 

Fig. 4 is a diagram for explaining areas containing 
program and data for each application in the em- 
bodiment; 

Fig. 5 is a diagram showing space tables referred 
by an area control portion in the embodiment; 
Fig. 6 is a diagram showing an essential part of the 
space table referred by the area control portion in 
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the embodiment; 

Fig. 7 is a diagram showing information set in a con- 
trol register of an area monitoring portion in the em- 
bodiment; 

Figs. 8 and 9 are diagrams respectively showing an 
OS space, an access space, and a command space 
serving as an operating area of a CPU 20 in the em- 
bodiment; 

Fig. 10 is a diagram showing the access spaces 
serving as the operating area of the CPU 20 in the 
embodiment; 

Figs. 11 and 12 are diagrams respectively showing 

the command spaces serving as the operating area 

of the CPU 20 in the embodiment; 

Fig. 1 3 is a diagram showing the access spaces 

serving as the operating area of the CPU 20 in the 

embodiment; 

Fig. 14 is a diagram showing the command spaces 
serving as the operating area of the CPU 20 in the 

embodimenl; 

Fig. 15 is a diagram showing a life cycle of the IC 
card In the embodiment; 

Fig. 1 6 is a diagram showing a method for authen- 
ticating personal identification when the IC card in 
the embodiment is issued; 

Fig. 17 is a diagram showing another method for 
authenticating personal identification when the 10 
card in the embodiment is issued; 
F4g. 1 8 is a diagram for explaining a method for set- 
ting a protection flag in the embodiment; 
Figs. 1 9 to 22 are block diagrams for explaining the 
operations by the use of the IC card in the embod- 
iment; and 

Fig. 23 is a block diagram showing a hardware con- 
figuration of an IC card. 

DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

(a) Description of Aspect of the Invention 

[0026] A description wilt now be given of an aspect of 
the present invention referring to the accompanying 
drawings. 

[0027] Fig. 1 is a block diagram showing the aspect 
of the present invention. In Fig. l, reference numeral 1 
denotes a portable card medium. In the portable card 
medium 1 , a memory area 2 contains a plurality of pro- 
grams to be executed in response to various application 
processing requests from a host apparatus 7 and data 
used for execution of the programs. Further, the respec- 
tive programs are executed by an executing mechanism 
3 depending upon the stored programs and data. It is 
thereby possible to process a desired application 
processing request from the host apparatus 7. The port- 
able card medium includes an accepting mechanism 4, 
an area control mechanism 5, and an area monitoring 
mechanism 6. 



[0028] Here, the accepting mechanism 4 accepts the 
application processing request from the host apparatus 
7, and the area control mechanism 5 extracts an area 
of the memory 2 for processing corresponding to the ap- 

s plication processing request accepted by the accepting 
mechanism 4, and requests the executing mechanism 
3 to perform the processing in the extracted area. 
[0029] Further, the area monitoring mechanism 6 
takes as input information of an area having access dur- 

10 ing execution of the program in the executing mecha- 
nism 3 so as to monitor whether or not the processing 
in the executing mechanism 3 is performed in the area 
extracted by the area control mechanism 5 (Claim 1), 
and includes an area table 5A. 

IS [0030] Here, the area table 5A previously contains ar- 
ea informatbn used for the processing in the executing 
mechanism 3 according to the type of application 
processing. The area control mechanism 5 refers to the 
area table 5A according to the type of application 

20 processing request accepted by the accepting mecha- 
nism 4, thereby extracting the area of the memory 2 for 
the processing corresponding to the application 
processing request. 

[0031] Further, the area table 5A can be configured to 
2S set an area corresponding to an access space for stor- 
age of data used for the application accepted by the ac- 
cepting mechanism 4 and for the operation of an access 
control In the program, and an area corresponding to a 
command space for the operation of a command used 
30 for processing other than the access control in the pro- 
gram. 

[0032] Alternatively, the area control mechanism 5 
may be provided to extract the area of the memory 2 for 
the processing corresponding to the application 
3S processing request accepted by the accepting mecha- 
nism 4 depending upon address information or page in- 
formation by referring to the area table 5A. 
[0033] Further, the area monitoring mechanism 6 may 
include a register portion containing the area of the 
40 memory 2 extracted by the area control mechanism 5, 
and may be configured to monitor whether or not the 
processing is performed in the executing mechanism 
depending upon the information contained In the regis- 
ter portion. 

45 [0034] Additionally the area table 5A may contain, for 
each type of the application processing request from the 
host apparatus 7. authentication Information used to de- 
cide whether or not the application processing request 
can be accepted. 
so [0035] Besides, the area control mechanism 5 may 
store, in the area table 5A, identification information 
used for identification of the application processing, and 
contained In the preceding application processing re- 
quest accepted by the accepting mechanism 4. 
55 [0036] Thus, according to the present invention, there 
are provided the accepting mechanism 4, the area con- 
trol mechanism 5, and the area monitoring mechanism 
6. It is possible to set, corresponding to the area 2 of the 
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memory, the access space for the operation of the ac- 
cess control, the command space for the operation of 
the command, and a supervisory control space for a su- 
pervisory control of processing in the access space and 
the command space. When the processing request from 5 
the host apparatus Is accepted In the supen/lsory control 
space, the operation can be transferred from the super- 
visory control space to the access space or the com- 
mand space such that the executing mechanism 3 can 
process the processing request. In order to maintain a ^ 
security function of the stored data, an area for the op- 
eration of the executing mechanism 3 is restrictively pre- 
set in the memory at a time of execution of the program 
for realizing one application function. It is thereby pos- 
sible to prevent data to be managed by other application 1 
functions from being fetched. As a result, it is possible 
to protect encryption algorithm/key/cryptographic 
processing unique to each application from falsification 
through other applications. 

[0037] Further, in a method for managing the memory ^ 
space of the portable card medium of the present inven- 
tion, the memory contains the plurality of programs to 
be executed in response to the various application 
processing requests from the host apparatus and the 
data used for execution o1 the programs, and the pro- ^ 
grams are executed in the executing mechanism de- 
pending upon the stored programs and data, thereby 
processing the desired application processing request 
from the host apparatus In the method for managing 
the memory space of the portable card medium, the 
method includes the steps of setting, corresponding to 
the area of the memory, the access space for storage 
of the data used by the application and for the operation 
of the access control in the program, the command 
space for the operation of the command used for 
processing other than the access control in the program, 
and the supervisory control space for the supervisory 
control of the processing in the access space and the 
command space, and transferring, when the processing 
request from the host apparatus Is accepted In the su- 
pervisory control space, the operation from the supervi- 
sory control space to the access space or the command 
space such that the executing mechanism can process 
the processing request. 

[0038] Consequently, according to the present inven- 
tion, it is possible to set, corresponding to the area of 
the memory, the access space for the operation of the 
access control, the command space for the operation of 
the command, and the supervisory control space for the 
supervisory control of the processing in the access 
space and the command space. When the processing 
request from the host apparatus Is accepted In the su- 
pervisory control space, the operation can be trans- 
ferred from the supervisory control space to the access 
space or the command space such that the executing 
mechanism can process the processing request. In or- 
der to maintain the security function of the stored data, 
the area for the operation of the executing mechanism 



is restrictively preset in the memory at the time of exe- 
cution of the program for realizing one application func- 
tion. It is thereby possible to prevent the data to be man- 
aged by other application functions from being fetched. 
As a result, it is possible to protect the encryption algo- 
rithm/key/cryptographic processing unique to each ap- 
plication from falsification through other applications. 
[0039] In this case, for the plurality of application 
processing, the memory can contain the programs for 

0 the plurality of application processing and the data used 
for execution of the programs, while the access space 
and the command space can be setfor each application. 
[0040] Further, in a method for managing the memory 
space of the memory medium, an area for accessible 

5 data and an area for a program allowing the access con- 
trol can be set in the access space according to division 
for each of the applications. In this case, it is possible 
to define a part of the access space set according to the 
division for each of the applications as a mutually shared 

*o space. 

[0041] Consequently, it is possible to partially define, 
as the mutually shared space, the access space set ac- 
cording to the division for each of the applications or the 
command space in which the command execution is en- 
25 abled. As a result, there are advantages in that a space 
sharing control can be realized between the access 
space and the command space, and the memory area 
can effectively be used. 

[0042] A program area in which command execution 
30 Is enabled can be set in the command space according 
to division in application units. Further, apart of the com- 
mand space set according to division for each of the ap- 
plicatK)ns may be defined as the mutually shared space. 
[0043] Consequently, it is possible to partially define, 
35 as the mutually shared space, the access space set ac- 
cording to the division for each of the applications or the 
command space in which the command execution is en- 
abled. As a result, there are advantages in that a space 
sharing control can be realized between the access 
40 space and the command space, and the memory area 
can effectively be used. 

[0044] Further, it is possible to extend the command 
space depending upon a declaration made to the super- 
visory control space while the command space is active. 

45 [0045] Consequently, according to the present inven- 
tion, It is possible to extend the command space de- 
pending upon the declaration made to the supervisory 
control space while the command space is active. 
Hence, for example, at a time of collation of authentica- 

so tion information, it Is also possible to provide security 
(black box) in a part of the same application as long as 
an area which can not be written by a user other than 
authenticated program developers is set as an extended 
area serving as the black box. Thus, it is possible to 

55 avoid falsification of the program, and avoid falsification 
of an encryption algorithm, a key, or cryptographic 
processing for the collation of the authentication infor- 
nriatton. 
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[0046] In addition, in a portable card medium of the 
present invention, a memory contains a plurality of pro- 
grams to be executed in response to various application 
processing requests from the host apparatus and data 
used for execution of the programs, and the programs 
are executed in the executing mechanism depending 
upon the stored programs and data, thereby processing 
a desired application processing request from the host 
apparatus. When the portable card medium is issued, a 
method for issuing the portable card medium according 
to the present invention includes an authentication in- 
formation posting step of posting authentication infor- 
mation inherent in the host apparatus capable of issuing 
the card medium to an external card medium containing 
authentication information, a collation decision step of, 
in the external card medium, collating for authentication 
the authentication information posted In the authentica- 
tion Information posting step with the authentication In- 
formation stored in the external card medium, and de- 
ciding whether or not the card medium can be issued 
through the host apparatus, and an issuing step of issu- 
ing the desired card medium through the host apparatus 
when it is decided that the card medium can be issued 
as a result of decision In the collation decision step, 
thereby issuing the portable card medium in which the 
desired application processing request from the host ap- 
paratus can be processed. 

[0047] Consequently, according to the present inven- 
tion, the method Includes the authentication information 
posting step, the collation decision step, and the Issuing 
step. Since the authentication Information is set when 
the portable card medium Is manufactured, there is an 
advantage in that, for example, falsification of the medi- 
um can be avoided for a period from the rrianuf acture to 
the Issue of the card. In addition, since the authentica- 
tion is performed based upon the external apparatus, 
there is another advantage in that, for example, an im- 
portant program can be written by only an application 
manager, and so forth. 

[0048] Further, in a portable card medium, a memory 
contains a plurality of programs to be executed in re- 
sponse to various application processing requests from 
the host apparatus and data used for execution of the 
programs, and the programs are executed In the exe- 
cuting mechanism depending upon the stored programs 
and data, thereby processing the desired application 
processing request from the host apparatus. When an 
external apparatus writes program data on the memory 
of the portable card medium, a method for writing the 
program data on the portable card medium according to 
the present invention includes an authentication infor- 
mation posting step of posting authentication informa- 
tion of the external apparatus to the card medium and 
posting authentication information of the card medium 
to the external apparatus, a collation decision step of, 
in the external apparatus, collating for authentication the 
authentication Infornr^tion posted from the card medium 
with the authentication Information stored In the extemal 



apparatus, and, in the card medium, collating for au- 
thentication the authentication information posted from 
the external apparatus with the authentication informa- 
tion stored in the card medium, thereby deciding wheth- 

s era write operation of the program data by the external 
apparatus is to be enabled or disabled, and a write op- 
eration step of, in the card medium, performing the write 
operation through the extemal apparatus when It Is de- 
cided that the program data can be written as a result 

10 of decision in the collation decision step. 

[0049] Consequently, according to the present Inven- 
tion, the method includes the authentication information 
posting step, the collation decision step, and the write 
operation step. Since the authenticatbn information Is 

IS set when the portable card medium is manufactured, 
there Is an advantage in that, for example, falsification 
of the medium can be avoided for a period from the man- 
ufacture to the issue of the card. In addition, since the 
authentication Is performed based upon the external ap- 

20 paratus, there is another advantage in that, for example, 
an important program can be written by only an appli- 
cation manager, and so forth. 

[0050] Further, in a computer, a memory contains a 
plurality of programs to be executed in response to var- 

2S ious application processing requests from a host appa- 
ratus, and data used for execution of the programs, and 
the programs are executed in the executing mechanism 
depending upon the stored programs and data, thereby 
processing the desired application processing request 

30 from the host apparatus. In a computer readable record- 
ing medium with a memory space management pro- 
gram recorded therein according to the present inven- 
tion, when a memory space is managed In the computer, 
the memory space management program causes the 

55 computer to realize a space setting function of setting 
in an area of the memory an access space for storage 
of data used by the application and for the operation of 
an access control in the program, a command space for 
the operation of a command for processing other than 

40 the access control in the program, and a supervisory 
control space for a supervisory control of processing in 
the access space and the command space, and a space 
control function of transferring, when a processing re- 
quest from the host apparatus is accepted in the super- 

45 visory control space, the operation from the supervisory 
control space to the access space or the command 
space such that the executing mechanism can process 
the processing request. 

[0051] Consequently, according to the present inven- 
so tion. it is possible to set, corresponding to the area of 
the mennory, the access space for the operation of the 
access control, the command space for the operation of 
the command, and the supen^isory control space for the 
supervisory control of the processing in the access 
ss space and the command space. When the processing 
request from the host apparatus is accepted in the su- 
pervisory control space, the operation can be trans- 
ferred from the supen/isory control space to the access 
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space or the command space such that the executing 
mechanism can process the processing request. In or- 
der to maintain the security function of the stored data, 
the area for the operation of the executing mechanism 
Is restrictively preset in the memory at the time of exe- 
cution of the program for realizing one application func- 
tion. It is thereby possible to prevent the data to be man- 
aged by other application functions from being fetched. 
As a result, it is possible to protect the encryption algo- 
rithm/key/cryptographic processing unique to each ap- 
plication from falsification through other applications. 

(b) Description of Schematic Configuration and 
Applicable Mode of IC Card According to the 
Embodiment 



[0052] A description will now be given of an embodi- 
ment of the present invention referring to the accompa- 
nying drawings. 

[0053] First, a description will be given of a schematic 
configuration of an IC card according to the embodi- 
ment, and an applicable mode of the IC card 
[0054] Fig. 2 is a block diagram showing an IC (Inte- 
grated Circuit) card according to one embodiment of the 
present invention. As described above, the IC card 10 
shown in Fig. 2 forms a portable card medium having 
portability or transportability and including a built-in in- 
tegrated circuit in which a large amount of data can be 
stored, and can be shared to realize, for example, a plu- 
rality of applications. 

[0055] That is. in the IC card 1 0 according to the em- 
bodiment, as shown in Fig. 3. the same card can be con- 
nected to different types of host apparatuses in applica- 
tion systems for an electronic money, medical informa- 
tion, and so forth. It is thereby possible to construct a 
so-called multi-application system in which the various 
types of applications can be realized. 
[0056] Here, as shown in Fig. 2. the IC card 10 ac- 
cording to the embodiment includes, in view of hard- 
ware, a CPU (Central Processing Unit) 20. a memory 
30 for data storage, and an unillustrated connect portion 
having the function of interfacing with the outside of the 
card. 

[0057] The memory 30 contains a plurality of pro- 
grams to be executed in the CPU 20 in response to var- 
ious application processing requests from a host appa- 
ratus 40, and data used tor execution of the programs. 
In the programs for the various application processing 
stored In the memory 30. it is to be noted that the pro- 
grams may previously be stored in a read-only memory 
when the card Is manufactured, or the programs may 
later be loaded into a writable memory according to us- 
er's purposes. 

[0058] Further, an area of the memory 30 is divided 
according to attributes of stored data into three areas: 
a supervisory control area 30A. a data area SOB. and a 
program area 30C. 

[0059] Meanwhile, the programs stored in the IC card 



10 are operated in response to the processing request 
from the host apparatus 40 connected to the unillustrat- 
ed connect portion, thereby allowing the IC card 10 to 
realize various application operations. Moreover, the 
5 application operations can also be realized while the 
program stored in the IC card 10 is executed in cooper- 
ation with a program stored in the host apparatus 40. 
[0060] As shown in Fig. 3. it is thereby possible to per- 
form issue processing for the IC card 10 (card issue 
10 processing) through card issuing apparatus 15, 16 for, 
for example, loading processing of software for the plu- 
rality of applications such as electronic money applica- 
tion, and medical information application, and storage 
of authentication infonnation held by a user and de- 
is scribed infra. Further, the issued IC card 1 0 in common 
can be applied to the plurality of application systems. 
[0061] Here, as stated above, in a mode of using the 
IC card 10 in an electronic money application system, 
the IC card 10 issued by the card Issuing apparatus 15 
20 can be connected to. for example, an automated teller 
machine (ATM) 11 of a bank. It is thereby possible to 
store in the IC card 10 electronic money information 
equivalent to cash (information about an amount of 
money In user's hand), or transfer the electronic money 
25 information to a bank account. In addition, it is possible 
to use money information transferred to the IC card 10 
so as to electronically make a payment through a termi- 
nal 12 such as personal computer (PC) or POS (Point 
Of Sales). 

30 [0062] That Is, according to the electronic money ap- 
plication system, information of money paid for mer- 
chandise can be converted into electronic information, 
and the electronic information can be transferred to a 
creditor through the IC card 10 and the terminal 1 2. It is 
35 thereby possible to make varbus types of actual com- 
mercial transactions without delivery and receipt of cash 
and adoption of credit management. 
[0063] Further, in the medical information application 
system, for example, when a user goes to a hospital for 
40 medical examination, diagnostic inforrmtion through 
medical equipment 14 such as electrocardiograph (a re- 
sult of measurement in the case of electrocardiography) 
can electronically be recorded in the IC card 10 issued 
by the card issuing apparatus 16. It is thereby possible 
45 to issue a medical certificate through the medical equip- 
ment 14 by connecting the IC card 10 to a certificate 
issuing apparatus 1 3 as required. 



(c) Description of Function of IC Card According to the 
50 Embodiment 

[0064] Meanwhile, according to the embodiment, the 
IC card 10 in common can be applied to the plurality of 
application systems as stated above. However, in order 
55 to prevent data to be managed by one application from 
being fetched by another application, an area of the 
memory for the operation of the CPU 20 is restrictively 
set according to an operating state thereof. 
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[0065] Hence, as shown in Fig. 2, the IC card 10 ac- 
cording to the embodinnent includes an instruction exe- 
cuting portion 21 , an accepting portion 22. an area con- 
trol portion 23, and an area monitoring portion 24. More- 
over, the functions as the instruction executing portion 
21 , the accepting portion 22, the area control portion 23, 
and the area monitoring portion 24 are realized by ap- 
propriately using hardware and software resources in 
the IC card 10. In other words, the functbns given by 
these function parts are realized by the operation ot the 
program stored in the memory 30 through, for example, 
the CPU 20 having access to the memory 30. 
[0066] Alternatively, the program (memory space 
management program) for realizing the functions (see 
reference numerals 21 to 24) may be loaded from a re- 
cording medium such as CD-ROM. 
[0067] Here, the instruction executing portion 21 in- 
cludes the CPU 20 In view of hardware, and executes 
the programs depending upon the programs and data 
stored in the memory 30 for the various application 
processing, thereby processing a desired application 
processing request from the host apparatus 40, result- 
ing in serving as an executing mechanism. 
[0068] Further, the accepting portion 22 accepts an 
application processing request from the host apparatus 
40 connected through the unillustrated connect portion, 
thereby providing the function as an accepting mecha- 
nism. 

[0069] Additior^lly, the area control portion 23 ex- 
tracts an area of the memory 30 for processing corre- 
sponding to the application processing request accept- 
ed by the accepting portion 22, and requests the instruc- 
tion executing portion 21 to perform the processing in 
the extracted area, thereby providing the function as an 
area control mechanism. 

[0070] That is, the supervisory control area 30A in- 
cludes a space table (area table) 23a previously con- 
taining area information used for the processing in the 
instruction executing portion 21 according to the type of 
application processing. 

[0071] In other words, Information related tothe space 
table 23a is stored in the supervisory control area 30A 
of the memory 30. That is, the CPU 20 reads the infor- 
mation related to the space table 23a in the area 30A, 
thereby realizing the function as the area control portion 
23. 

[0072] Here, as shown in Fig. 9 In the following dis- 
cussion, the space table 23a includes an access space 
32 set for the operation of an access control in the pro- 
gram for the application processing accepted by the ac- 
cepting portion 22, and a command space 33 set for the 
operation of a comnnand for performing processing oth- 
er than the access control in the program. 
[0073] That Is, as shown in Fig. 1 0 in the following dis- 
cussion, for each type of application, there are set, in 
the space table 23a, data 32B-1 . 32B-2 used by the ap- 
plications accepted by the accepting portion 22, and, as 
an access space, areas 32C-1 , 32C-2 of the memory 



30 containing a program for making an access control 
during the application processing. 
[0074] Further, asshown inFig. 11 in the following dis- 
cussion, for each type of application, there are set. as a 

5 command space in the space table 23a, areas 33C-1 . 
33C-2 of the memory 30 containing commands for 
processing other than the access control in the applica- 
tion processing, such as a command (issue command) 
for creating data, and a command for processing a 

10 processing request from the application in the host ap- 
paratus 40. 

[0075] The area control portion 23 can thereby extract 
the area of the memory 30 for the processing corre- 
sponding to the application processing request from the 
IS host apparatus 40 depending upon the type of the ap- 
plication processing request accepted by the accepting 
portion 22 by referring to the space table 23a described 
above. 

[0076] Moreover, the area control portion 23 sets the 
20 extracted area Information in a control register 24a of 
the area monitoring portion 24 at a subsequent stage, 
thereafter posting the extracted area information of the 
memory 30 to the instructbn executing portion 21, 
thereby requesting the instruction executing portion 21 
2S to pertorm processing according to a program stored in 
the area Information. 

[0077] Besides, the area monitoring portion 24 takes 
as input information of an area having access to the 
memory 30 during the execution of the above program 
30 in the Instruction executing portion 21, and monitors 
whether or not the processing In the instruction execut- 
ing portion 21 is being performed in the area extracted 
by the area control portion 23, thereby providing the 
function as an area monitoring mechanism. 
35 [0078] Specifically, the area monitoring portion 24 in- 
cludes the control register 24a In which the area infor- 
matbn extracted in the area control portion 23 is set as 
hardware information, and decides whether the instruc- 
tion executing portion 21 has access to the memory at 
40 an address identical with or different from an address 
(or page) in the area information set in the control reg- 
ister 24a. 

[0079] In other words, the control register 24a func- 
tions as a register portion containing the area of the 
45 memory 30 extracted by the area control portion 23. The 
area control portion 24 can monitor, depending upon the 
information stored In the control register 24a, whether 
or not the processing In the instruction executing portion 
21 is being performed, that is, whether or not the 
so processing in the instruction executing portion 21 is be- 
ing performed In the area extracted by the area control 
portion 23. 

(d) Description ot Operating Space of 10 Card According 
ss to the Embodiment 

[0080] A description will now be given of an operating 
space of the IC card 10 according to the embodiment. 
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[0081] As stated above, in the IC card 10 according 
to the embodiment, the area of the memory 30 is divided 
according to the attributes of stored data into the three 
areas, the supervisory control area 30A, the data area 
SOB, and the program area 30C. 
[0082] The data area 30B and the program area 30C 
contain data and a program for each application. Spe- 
cifically, as shown in Fig. 4, the data area SOB contains 
data (including a file) used for the electronic money ap- 
plication program, and data (including a file) used for the 
medical information application program. The data area 
30C contains the electronic money application program, 
and the medical information application program. 
[0083] Moreover, the programs for the applications re- 
spectively include command information requested by 
the host apparatus 40, access control information for ac- 
cess to data in the memory 30, issue command infor- 
mation for creation of data, and various types of data. 
[0084] Here, the supervisory control area 30A sending 
as a supervisory control area contains an OS (Operating 
System) serving as a program for, according to the type 
of application, supen^isory monitoring/control of the op- 
erating areas (the areas 30B. 30C to which the CPU 20 
has access) used for the respective applications, 
[0085] Further, the CPU 20 has access to a predeter- 
mined area of the memory 30 as required, thereby real- 
izing desired application processing. Operating areas 
corresponding to execution modes of the CPU 20 can 
be set as the three types of spaces corresponding to the 
areas of the memory 30. 

[0086] Specifically, as shown in Fig. 8 or 9, the oper- 
ating areas of the CPU 20 can be set as an OS space 
31. the access space 32, and the command space 33 
corresponding to the areas of the memory 30. 
[0087] Here, the access space 32 shows an active ar- 
ea of the memory 30 during the access control by the 
CPU 20. That is. the access space 32 contains the data 
used for the respective applications, and the access 
control information for the respective application pro- 
grams. The access space 32 corresponds to an area, 
equivalent to an access control program, forming the da- 
ta area SOB and the program area 30C of the memory 
SO. 

[0088] Further, the command space 33 shows an area 
of the memory 30 for the operation of commands (in- 
cluding the issue command for creating data) other than 
the access control in the respective programs, such as 
■Create,- "Read." and 'Write.' That is. the command 
space 33 contains command information other than the 
access control program in the program area 30C. 
[0089] Thus, during the program execution by the 
CPU 20. command execution is carried out in the com- 
mand space 33, and the access control is made in the 
access space 32. However, the operations in the access 
space 32 and the command space 33 are monitored/ 
controlled in the OS space 31 . 
[0090] That is. the OS space 31 shows an accessible 
area of the memory 30 when the CPU 20 is in an oper- 



ating state according to the program (the OS, see the 
functions shown by reference numerals 21 to 24 in Fig. 
2) stored in the supervisory control area 30A described 
above. The OS space 31 includes all the areas of the 

s memory 30. . 

[0091] That is. when the program stored in the super- 
visory control area SOA is running, the CPU 20 has ac- 
cess to the supervisory control area SOA, the data area 
SOB. and the program area SOC in the OS space 31 . 
10 [0092] In other words, the OS space 31 is a space for 
supen/isoiy monitoring/control of the processing in the 
access space 32 and the command space S3, thereby 
functioning as a supen^isory control space. 
[0093] Specifically, as will be described infra, when an 
IS application processing request from the host apparatus 
40 is accepted in the OS space 31. the operation can 
be transferred from the OS space 31 to the access 
space 32 or the command space 33 according to the 
type of application and the corresponding program. 
20 [0094] In other words, in the active state of the OS 
space 31, the accessible area of the memory 30 can 
restrict'ively be set depending upon the application 
processing request from the host apparatus 40. while 
the control can be transferred to execute the corre- 
2S sponding program. 

[0095] Meanwhile, the programs and the data for re- 
alizing the two applications described above are respec- 
tively stored in the different areas of the memory 30. 
[0096] Thus, the memory 30 contains the plurality of 
30 application processing programs and the data for exe- 
cution of the plurality of application processing pro- 
grams in order to perform the plurality of application 
processing, while the memory can be managed by set- 
ting the access space 32 and the command space 33 
35 for each application. 

[0097] Further, in the access space 32, it is possible 
to set according to division for each application an ac- 
cessible data area and a program area in which the ac- 
cess control can be made. In the command space 33, it 
40 is possible to set according to division for each applica- 
tion a program area in which command execution is en- 
abled. 

[0098] Specifically, as shown in Fig. 10, two sets of 
data and access control information are stored in areas 
45 having different addresses of the memory 30 corre- 
sponding to the access space 32. That is. in the elec- 
tronic money application, the access space includes the 
area 32B-1 in the first hall of the data area SOB and the 
area 32C-1 in the first half of the program area 30C. 
60 [0099] Similarly, m the medical infomiation applica- 
tion, the access space includes the area 32B-2 in the 
latter half of the data area SOB and the area 32C-2 sub- 
sequent to the area 32C-1 of the program area SOC. 
[0100] Further, as shown in Fig. 11 , two sets of pre- 
ss grams are respectively stored in areas having different 
addresses of the memory 30 corresponding to the com- 
mand space 33. That is. in the electronic money appli- 
cation, the command space includes the area 3SC-1 of 
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the program area 30C. In the medical ir^formation appli- 
cation, the command space Includes the area 33C-2 of 
the program area 30C. 

[0101] Meanwhile, as shown in Fig. 12 (or Fig. 8), in 
the two sets of programs configuring the above com- 
mand space 33, it is also possible to extend the com- 
mand space 33 (expand the area) depending upon the 
control in the OS space 31 . In other words, it is possible 
to extend the command space 33 depending upon a 
declaration made to the OS space 30A while the com- 
mand space 33 is active. 

[01 02] That is, as shown in Fig. 8 or Fig. 1 2, while the 
CPU 20 is operated in the area 33C-1 sen/ing as the 
command space for the electronic money application, 
the operation is transferred to the OS space 31 with a 
command such as "return" as an "extension declaration. 
" The OS space 31 allows extension of the command 
space thereby extending the command space for the 
electronic money application from the area 33C-1 to an 
area 33C-11. 

[0103] Thus, for example, at the time of collation of 
authentication informatbn, it is also possible to provide 
the secunty (black box) in a part of the same application 
as long as the area which can not be written by the user 
other than the authenticated program developers is set 
as the extended area serving as the black box. Thus, it 
is possible to avoid falsification of the program, and 
avoid falsification of the encryption algorithm, the key, 
or the cryptographic processing for collation of authen- 
tication information 

[01 04] Further, if the data or the access control infor- 
mation can be shared between the access spaces of the 
two applications (electronic money and medical infor- 
mation), the data or the access control information can 
be stored in the same area. In other words, in the IC 
card 10, the access space set according to division for 
each application can partially be defined as a shared 
space. 

[0105] For example, as shown in Fig. 8 or Fig. 13, 
among the data corresponding to the access spaces in 
the two applications (electronic money and medical in- 
formation), shareable data is stored In a shared data ar- 
ea 32B-3, while unshared data are respectively stored 
in the areas 32B-1, 32B-2. 

[0106] Similarly, among the access control informa- 
tion corresponding to the access spaces in the two ap- 
plications (electronic money and medical informattan), 
shareable data is stored in a shared access control area 
32C-3, while unshared data are respectively stored in 
the areas 32C-1 , 32C-2. 

[01 07] Further, if a command can be shared between 
the command spaces of the two applications (electronic 
money and medical information), the command can be 
stored in the same area. In other words, in the IC card 
1 0, it is also possible to manage the memory 30 by de- 
fining as a shared space the partial command space set 
according to division for each application. 
[01 08] For example, as shown in Fig. 1 4, among com- 



mand information corresponding to the access spaces 
in the two applications (electronic money and medical 
information), a shareable command is stored in a shared 
command area 33C-3, while unshared commands are 
5 respectively stored in the areas 33C-1 , 33C-2. 

[0109] Moreover, in order to extend the shared com- 
mand area 33C-3 shown in Fig. 14. as shown in Fig. 8, 
the command space may be extended to a shared ex- 
tended command area 33C-31 by the 'extension decla- 
10 ration' from the OS space 31 . 

(e) Description of Structures of Space Table and Control 
Register According to the Embodiment 

15 [0110] Meanwhile, the area control portion 23 ex- 
tracts, by referring to the space table 23a as shown in 
Fig. 5» the area of the memory 30 used for the process- 
ing corresponding to the application processing request 
accepted by the accepting portion 22, and requests the 

20 instruction executing portion 21 to perform the process- 
ing in the extracted area. It is thereby possible to transfer 
the operation of the CPU 20 from the OS space 31 to 
any one of the access space 32 and the command 
space 33. 

25 [0111] Here, the space table 23a shown in Fig. 5 in- 
cludes application identification information (AID; Appli- 
cation Identification) 41, point information 42, status in- 
formation 43, authentication information 44, command 
space area information 45, table point information 46, 

30 access space area information 47, and table point infor- 
matbn 48. 

[0112] The AID 41 is information for identification of 
application for each type of application, that is, identifi- 
cation information used for identification of application 
35 processing, and contained in the preceding application 
processing request accepted by the accepting portion 
22. 

[Oil 3] Further the point information 42 is information 
used for pointing to a shared space table 23a-1 de- 

40 scribed infra. The status information 43 shows whether 
or not an application corresponding to the ID information 
41 is in an operating state, and shows a system of spec- 
ifying in the area of the memory 30 the access space 
and the command space stored in the space table 23a. 

45 [0114] Specifically, in the status information 43, "A" 
showing Active Is set when the applicatbn is currently 
executed in the CPU 20, and "AD" for specification by 
address information or "PG" for specification by page 
information is set to show start positions and end posi- 

50 tions of the access space and the command space in 
the memory 30. 

[0115] Further the authentication information 44 is 
collated with authentication information held by a user 
of the host apparatus 40, and is required for processing 
55 using an extended address described infra. Through the 
collation of the authentication information, it is possible 
to decide whether or not the user of the host apparatus 
40 has access to the extended address space in the 
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memory 30. . • - 

[0116] In other words, the space table 23a contains, 
for each type of application processing request from the 
host apparatus 40. the authentication information 44 for 
the decision of whether or not the application processing 
request can be accepted. 

r0117l Further, the command space area information 
45 shows a command space in the application corre- 
sponding to the ID Information 41 by area information in 
the memory 30. Besides, the command space area in- 
formation 45 sets (specifies) an area of the memory 30 
serving as the command space by start position infor- 
mation and end position information of the area. For ex- 
ample, address infomiatlon can be used as the start po- 
sition and end position Information. 
[01181 Specifically, the command spacearea informa- 
tion 45 includes command space infomiatlon 45a hold- 
ing a start address and an ending address of a memory 
area containing normal command information, and ex- 
tended command space infomiation 45b holding a start 
address and an ending address in the memory 30. con- 
cerning to an extended command space. 
r01191 Further, the access space area information 47 
shows an access space in the application correspond- 
ina to the ID information 41 by area infomnation in the 
memory 30. Besides, the access space area Information 
47 sets an area of the memory 30 serving as the access 
space by start position infomration and end position in- 
formation of the area For example, the address infor- 
mation can similarly be used as the start position and 
end position information. 

[0120] Specifically, the access space area infomia- 
tion 47 includes data space infomnatlon 47a holding a 
. start address and an ending address in the memory 30. 
concerningtoadata area sending asacandidateforac- 

cess and access control space information 47b holding 
a start address and an ending address in the memory 
30, concerning to access control infomnation. 
[0121] Further, the table point information 46 is infor- 
mation used for pointing to an address table 23a-2 de- 
pending upon command control information accepted 
by the accepting portion 21 . The table point information 
48 is information used for pointing to the address table 
23a-2 depending upon access control information ac- 
cepted by the accepting portion 21 . 
[01221 Here, the address table 23a-2containsthe po- 
sition in the area specified by the above comrrand 
space area information 45 with encoded command in- 
formation as a key, and an area of the access control 
infomiation specified in the access space area infonria- 
tion 47 with encoded access control information as a key 
through the address information. 
[0123] That is, when the accepting portion 21 accepts 
the command information or the access control informa- 
tion, the area control portion 23 searches the address 
table 23a-2 with these infomfiation as keys. 
[01241 It is thereby possible to extract an address in 
the memory 30 corresponding to the command informa- 



tion or the access control information described above. 
roi2S1 Meanwhile, the shared space table 23a-1 con- 
Lins a shared access space and a shared corrimand 
space which can be shared between one application 
5 corresponding to the above ID inforrnation 41 and an- 
other application. The shared space table 23a-1 in- 
cludes authenticatbn information 49. command space 
area infomiation 50, table point information 51. access 
space area infomiation 52. and table point formation 

[0126] Here, the authentication informatbn 49 is col- 
lated with the authentication information of the user of 
the host apparatus 40. and is required for processing 
using a shared extended address described infra. 
is Through the collation of the authentication information, 
it is possible to decide whether or not the user of the 
host apparatus 40 has access to the shared extended 
address space in the memory 30. 
[0127] Further, the shared command space area in- 
20 formation 50 shows an area of a shared command 
space, also available in another applicatton. in the coiti- 
mand space in the application corresponding to the ID 
information 41 . That is. the shared command space ar- 
ea information 50 sets the shared command space by 
25 start position information and end position infomiation 
in the memory 30. For example, the address information 
can similarly be used as the start position and end po- 
sition information. . . ^ ,. ^ 
[01281 Specifically, there are provided shared com- 
30 mandspaceinformation 50a holding a start address and 
an ending address in the memory 30 containing normal 
shared command infomiation. and shared extended 
command space information 50b in which an area of the 
memory 30 containing extended shared command in- 
35 formation is set by a start address and an ending ad- 

dress. . , 

[01291 Further, the shared access space area infor- 
maton 52 shows a shared access space also available 
in another application among areas of the access space 
40 in the application corresponding to the ID infomiation 
41 That is the shared access space area information 
52 specifies the shared access space by start position 
infomiation and end position information in the memory 
30 For example, the address infometion can similarly 
45 be' used as the start position infomfiation and the end 
position infomiation. 

[01 30] Specifically, the shared access space area in- 
formation 52 includes shared data space infomnation 
52a used for setting a shared data area serving as a 
so candidateforaccessbythestartaddressandtheending 
address in the memory 30. and shared access control 
space information 52b used for setting shared access 
control information by the start address and the ending 
address in the memory 30. 
55 [01311 Besides, the table point information 51 IS mlor- 
mation used for pointing to an address table 23a-3 de- 
oending upon shared command information accepted 
by the accepting portion 21 The table point infomnation 
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53 is information used tor pointing to the address table 
23a-3 depending upon shared access control informa- 
tion accepted by the accepting portion 21. 
[0132] Here, the address table 23a-3 contains posi- 
tions in the memory 30 corresponding to encoded com- 
mand information and encoded access control informa- 
tion by address information. The position in the memory 
30 corresponding to the encoded command information 
is in the area specified by the above shared command 
space area information 50, and the position in the mem- 
ory 30 corresponding to the encoded access control in- 
formation is in the area specified by the access space 
area information 47. 

[01 33] That is, when the accepting portion 21 accepts 
the shared command information or the shared access 
control infonnatlon, the area control portion 23 searches 
the address table 23a-2 with these information as keys. 
It is thereby possible to extract a corresponding address 
In the memory 30. 

[0134] Moreover, In the above space table 23a, the 
spaces 32, 33 are specified by the start position infor- 
mation and the end position Information in the area of 
the memory 30. However, it is to be noted that the area 
can be specified by using, as the position information, 
page information in bit representation as shown in Fig. 

6 as well as.the above address information. In this case, 
access to. the memory 30 can be obtained by using an 
unillustrated table for conversion of the page information 
into the address information. _ 

[0135] In other words, by referring to the area table 
23a, the area control portion 23 can extract by the ad- 
dress infomnation or the page information an area of the 
memory 30 for processing corresponding to an applica- 
tion processing request accepted by the accepting por- 
tion 21. 

[01 36] That is, the area control portion 23 may extract, 
by referring to the space table 23a and using the page 
information, the area of the memory for the processing 
corresponding to the application processing request ac- 
cepted by the accepting portion 21 . In such a case, it is 
possible to use the memory area, for example, as non- 
continuous areas. 

[01 37] Meanwhile, the above area monitoring portion 
24 includes the control register 24a containing area set- 
ting information extracted in the area control portion 23, 
and decides whether the Instruction executing portion 
21 has access to the memory at the address Identical 
with or different from the address (or page) in the area 
information set as hardware Information in the control 
register 24a. For example, information as shown in Fig. 

7 is set in the control register 24a. 

[01 38] That is, according to Information set depending 
upon the result of search of the space table 23a in the 
area control portion 23, the control register 24a is pro- 
vided with a space mode setting portion 54, a status set- 
ting portion 55, a shared space area setting portion 56, 
and a space area setting portion 57. 
[0139] Here, the space mode setting portion 54 sets 



a space identifier showing the operating state of the in- 
struction executing portion 21 of the CPU 20 depending 
upon the application processing request accepted by 
the accepting portion 22. The space identifier 'O' is set 
s when the instruction executing portion 21 is operated in 
the OS space 31 , "A" is set when operated in the access 
space 32, and "C is set when operated in the command 
space 33. 

[0140] Further, the status register portion 55 sets in- 
10 formation for identification of a method for specifying the 
access space 32 and the command space 33 by the 
above space table 23a, and sets, when the application 
processing request accepted by the accepting portion 
22 is command information, information showing the 
1^ type of command. 

[0141] Specifically, type information "AD" is set when 
the access space 32 and the command space 33 shown 
in Fig. 8 are addressed, and "PG" is set when specified 
by the page information. Further, type information "N* is 
20 set when accepted command information is a normal 
command, type Information "E" is set when the com- 
mand information is a normal extended command, and 
type information "K' is set when the command informa- 
tion is a shared extended command. 
2S [01 42] Further, the shared space area setting portion 
56 sets, according to the type of application accepted 
by the accepting portion 22, area information belonging 
to the shared access space and the shared command 
space which are also available in another application. 
30 [0143] For example, in the case of a space set as 
shown in Fig. 8, the shared space area setting portion 
56 sets area information about the areas 32B-3, 32C-3 
of the memory 30 containing data (shared data) and ac- 
cess control information (shared access control infor- 
ms matbn) which are also available in another application, 
and area information about the areas 33C-3, 330-31 of 
the memory 30 containing a command (shared com- 
mand information) or an extended command (shared 
extended command). 
40 [01 44] The space area setting portion 57 sets, accord- 
ing to the type of application (such as electronic money 
application) accepted by the accepting portion 22, area 
information belonging to an access space and a com- 
mand space which are unavailable in another applica- 
45 tion. 

[0145] That is, in the case of the space set as shown 
in Fig. 8, the space area information setting portion 57 
sets area information about the areas 32B-1 , 32C-2 of 
the memory 30 containing data and access control In- 
so formation which are unavailable in another application 
(such as medical information application), and area in- 
formation about the areas 33C-1 , 33C-1 1 of the memory 
30 containing command information or an extended 
command. 

55 [0146] Thus, the area of the memory 30 extracted by 
the area control portion 23 Is stored in the control reg- 
ister 24a of the above area monitoring portion 24. De- 
pending upon the stored information, it is possible to 
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monitor whether or not the processing in the instruction 
executing portion 21 is being performed. 

(E) Description ot Issue Processing of IC Card 
According to the Embodiment 

[01 47] The IC card 1 0 according to the embodiment 
has a life cycle as shown in Fig. 1 5. That is. the IC card 
10 shown in Fig. 15 is manufactured by embedding an 
10 chip in the card (Step S1). and is issued through load- 
ing processing of software for a desired application and 
storage of the authentication information held by the us- 
er in the card issuing apparatus (see reference numer- 
als 15. 16 in Fig. 3) (Step S2). 
101481 Thereafter, the IC card 10 is operated by the 
user (Step S3), and is finally depreciated (Step S4). As 
the user needs, by appropriately loading software for an- 
otnor application in the card issuing apparatus, it is pos- 
sible to reissue the IC card as an IC card having the 
(unctions ol realising, in particular, a plurality of applica- 
tion piocessing (from Step S2 to Step S3). 
[0149] Meanwhile, when the card is issued, in order 
to maintain the security of the program in the IC card 1 0, 
it IS required to authenticate the user having access to 
the IC card 10 and the host apparatus 40. A method fa 
authenticating the user includes methods as shown in 
Figs. 16 and 17. 

[0150] Thatis. in the method for authenticating the us- 
er shown in Fig 16. authentication information posted 
from a host apparatus 40A serving as the card issuing 
apparatus is collated with personal authentication infor- 
mation contained in a personal authentication card 60 
held by the user apart from the IC card 10. In the case 
of identical authentication information (successful colla- 
tion) a result of collation is posted to the host apparatus 
40A together with the identical authentication infomria- 

[OI^SIl In other words, the authentication information 
unique to the host apparatus 40A capable of issuing the 
IC card 10 is posted to the personal authentication card 
60 serving as an external card medium previously con- 
taining the authentication information (authentication in- 
formation posting step). In the personal authentcation 
card 60 the authentication information from the host ap- 
paratus 40A is collated for authentication with the au- 
thentication information contained in the personal au- 
thentication card 60 to decide whether or not the IC card 
10 can be issued through the host apparatus 40A (col- 
lation decision step). If it is decided as a result of the 
decision that the IC card 10 can be issued, the desired 
IC card 10 is issued through the host apparatus 40A (is- 
suing step). By usingthe issued IC card 10, it is possible 
to process a desired application processing request 
from the host apparatus 40A. 
[0152] Specifically, in the personal authentication 
card 60 the collation can be made by using data type 
information (D) showing the type of authentication data 
stored as status information 61 from the host apparatus 



40A and authentication data 62. In addition, another 
collation can be made by using reception time informa- 
tion (T) stored as status information 61 . and the authen- 
tication data 62. . . 
s [0153] Thereby, whentheauthenticationissuccessful 

in the personal authentication card 60 (identical authen- 
tication information is detected), in the host apparatus 
40A authentication information for issue of the card is 
set in the space table 23a, thereby issuing the IC card 
10 10 through the host apparatus 40A. 

[0154] Moreover, in the data type forming the status 
information 61 transmitted from the host apparatus40A. 
the data type 'NO' denotes a case where the authenti- 
cation data 62 has no data. "PN" is a case where the 
ts authentication data 62 is a personal identification 
number "SI' is a case where the authentication data 62 
is authentic signature. 'PH' is a case where the authen- 
tication data 62 is photograph data, "Fl" is a case where 
the authentication data 62 is fingerprint data. "RE" is a 
20 case where the authentication data 62 is iris data, and 
•VO" is a case where the authentication data 62 is voice 
print data. 

[0155] In this case, since 'retina data" is not posted 
from the host apparatus 40A, a successful collation can 
25 not be made by the retina data in the personal authen- 
tication card 60. 

[0156] Further, when the IC card 1 0 is issued by load- 
ing program data of a card with a built-in integrated cir- 
cuit (containing no program for application processing). 
30 the collation of the authentication information as shown 
in Fig 17 is made prior to the issue. 
[0157] That is. as shown in Fig. 17. the auftientication 
information in the personal authentication card 60 is 
posted to the IC card 10. and the authentication nfor- 
35 mation in the IC card 10 is posted to the personal au- 
thentication card 60 (authentication information posting 
step) The personal authentication card 60 collates for 
authentication the authentication information posted 
from the IC card 10 with the authentication information 
40 contained in the personal authentication card 60. Con- 
currently the IC card 10 collates for authentication the 
authentication information posted from the personal au- 
thentication card 60 with the authentication information 
contained in the IC card 10. thereby deciding whether 
45 or not the program data can be written through the host 
apparatus 40A (collation decision step) . When it is de- 
cided as a result of decision that the program data can 
be written, the IC card 10 performs the write operation 
through the host apparatus 40A (write operation step). 
so It is also possible to authenticate personal identification 
at a time of writing. 

[0158] Specifically, the authentication information 
preset in the space table 23a of the issued IC card 10 
and the authentication information from the personal au- 
55 thentication card 60 are collated mutually (in both the IC 
card 1 0 and the personal authentication card 60). When 
successful authentication can be obtained in both the 
cards 10. 60. for example, reissue processing for the IC 
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card 10 is performed. 

[0159] Here, as shown in Fig. 17. the personal au- 
thentication card 60 includes an authentication informa- 
tion table 66 containing, for each available application, 
information (AID) 63 for identification of the application, 
and authentication information 64, 65 used for the space 
table 23a and the shared space table 23a-1 in the IC 
card 10. 

[0160] Thereby, the personal authentication card 60 
takes as input, through the host apparatus 40A from the 
IC card 10, the authentication information preset at the 
time of manufacture of the IC card 10, and collates the 
authentication information with the authentication infor- 
mation 64 stored in the authentication Information table 
66. 

[0161] Further, the IC card 10 takes as input, through 
the host apparatus 40A from the personal authentication 
card 60, the authentication information 64 stored in the 
authentication information table 56 of the personal au- 
thenlicalion card 60, and collates the authentication in- 
loimation 64 with the authentication information preset 
at the time of manufacture of the IC card 1 0. 
[01 62] Thus, the mutual collation of the authentication 
information can be made in both the IC card 10 and the 
personal authentication card 60 (see reference numeral 
Q) When the successful results of collation can be pro- 
vided in both the IC card 10 and the personal authenti- 
cation card 60. the host apparatus 40A can set the 
space table 23a, thereafter loadinfithe program data, 
and setting the address tables 23a-1 . 23a-3 (see refer- 
ence numeral (2). 

[0163] Meanwhile, when the above space table 23a 
is set in the IC card 10, as shown in Fig. 18, it is possible 
to set a protection flag area 35 in the OS space 31 ac- 
cording to the collated authentication information, there- 
after loading the program data Into the IC card 10. 
[0164] Here, the protection flag area 34 contains flag 
information for inhibition of specified application 
processing performed by a user without specified au- 
thentication infornnation. A specified area portion of the 
memory 30 is used as the protection flag area 34. and 
a protection flag 35 is set for each page in the specified 
area portion to serve as bit information for inhibitbn of 
i'eading from and writing on the area portion. 
[01 65] That is, the OS space 31 can inhibit the above 
access space 32 or command space 33 from having, in 
pages, access to the area of the memory 30 for the spec- 
ified application processing. 

[01 66] For example, the area which can not be written 
by a user other than program developers may be set in 
the protection flag area 34. It is thereby possible to avoid 
falsification of the program, and avoid falsification of the 
encryption algorithm, the key, or the cryptographic 
processing for the collation of the authentication infor- 
mation. 

[0167] Here, in the memory 30 of Fig. 18, a page hav- 
ing address "8000" contains, as information to be pro-, 
tected from modification by the user, program data for 



realizing the function as, for example, the area control 
portion 23. Bit information "1" as the protection flag 34 
is set at the address "8000," while bit information "0" as 
a writable flag 34 is set in free areas of the memory 30, 

5 such as pages at addresses "8010," and "8020." 
[0168] f^oreover, the program may directly be loaded 
into the IC card 10 through the host apparatus 40A from 
the authenticated personal authentication card 60 (the 
program data previously stored in the personal authen- 

10 tication card 60 may be loaded). Alternatively, it is also 
possible to load, through the host apparatus 40A. pro- 
gram data stored in another medium. 
[0169] Further, the authentication may mutually be 
made in the host apparatus 40A and the personal au- 

15 thentication card 60 by using, in addition to the authen- 
tication informatton 44 preset in the space table 23a at 
the time of manutactureof the ICcard 10, authentication 
information previously stored in the host apparatus 40A 
for issuing the IC card 10. 

20 

(F) Description of Operation and Effect in the Use of IC 
Card According to the Embodiment 

[0170] According to the above configuration, a de- 
2S scription will now be given of the operation in the use of 
the IC card 10 according to the embodiment referring to 

Figs. 19 to 22. 

(F1) Description of Illustrative Switching Operation 
30 Between Access Space and Command Space 

[0171] When the IC card 10 accepts a command 
about an application processing request from the host 
apparatus 40, the OS space 31 accepts, in addition to 
3S the information (AID) for identification of the requested 
application processing, information contained in the 
command information, such as code Information, and 
parameter information. 

[0172] In the OS space 31, as shown in Fig. 19. for 

40 command processing from the host apparatus 40, the 
operation can be transferred to an access space 72 or 
a command space 73 as required. 
[01 73] That is, when the memory space of the IC card 
10 is managed, there are set, corresponding to the area 

45 of the memory 30, the access space 72 for storage of 
the data used by the application and for the operation 
of the access control, the command space 73 for the 
operation of the command for the processing other than 
the access control in the program, and the OS space 31 

so for a supen^lsory control of the processing in the access 
space and the command space. When the OS space 31 
accepts the processing request from the host apparatus 
40, the operation is transferred from the OS space 31 
to the access space 72 or the command space 73 such 

ss that the instruction executing portion 21 can process the 
processing request. 

[0174] Specifically, when the accepting portion 22 
takes as input the command information (or instructbn 
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information) from the host apparatus 40 (see reference 
numeral [1]). the accepting portion 22 sets a state of the 
control register 24a to the OS space 31 . and assennbles 
a message (command information) through an unillus- 
trated communication mechanism. 
[0175] Subsequently, the area control portion 23 
takes as inputs the code information (command code) 
about the command and the Information (AID) for iden- 
tification of application from the above accepting portion 
22 (see reference numeral [2]). By referring to the space 
table 23a depending upon the AID, the area control por- 
tion 23 sets in the control register 24a necessary infor- 
mation set in the area of the space table 23a corre- 
sponding to the AID (see reference numeral [3]). and 
extracts an area of the memory 30 corresponding to the 
above command information so as to request the in- 
struction executing portion 21 to perform the processing 
(see reference numeral [4]). 

[0176] Specifically the area control portion 23 ex- 
tracts the area of the memory 30 for the corresponding 
processing from the address table 23a-2 depending up- 
on the type of application processing request shown by 
the AID from the accepting portion 22. h/loreover, the 
protection flag 35 (see Fig. 18) is given in address infor- 
mation of the area under the write protection and the 
read protection. 

[0177] When the control is transferred from the OS 
space 31 to the command space 73, prbr tothe request 
for the processing to the instruction executing portion 
21. the area control portion 23 sets space mode infor- 
mation 54 of the control register 24a to be switched from 
the OS space "O' to the Command space •C." and sets 
space area information 57 of the control register 24a to 
the command space 73 (at addresses "2000" to -aFFF") 
(see Fig. 7). 

[0178] The instruction executing portion 21 accepts 
the request from the area control portion 23 by specify- 
ing the area of the memory 30. and has access to the 
extracted area of the memory 30. thereby performing 
the processing corresponding to the above command 
information. The control is thereby transferred from the 
OS space 31 tothe comnnand space 73 (see reference 
numeral [4]). 

[0179] For example, when the IC card 10 accepts a 
command processing request according the electronic 
money application from the host apparatus 40, the in- 
struction executing portbn 21 executes, corresponding 
to the accepted command processing, program infor- 
mation stored at the address "2000' sen/Ing as the area 
of the memory 30. 

[0180] As set forth above, the instruction executing 
portion 21 accepts the command processing request 
from the area control portion 23 by specifying the area 
of the memory 30. and performs the processing by hav- 
ing access to the corresponding area of the memory 30. 
At the point in time, the instruction executing portion 21 
detects whether or not the protection flag 35 for each 
page is given in the address information extracted by 



the area control portion 23. thereby controlling whether 
the Instruction execution is to be enabled or disabled. 
[0181] Depending upon the command space 73 (at 
addresses •2000" to •2FFR" see reference numeral 
5 33C-1 in Fig. 8) set in the space area 57 of the control 
register 24a, the area monitoring portion 24 monitors 
whether, during the execution of instruction, the instruc- 
tion executing portion 21 has access to an address In 
the above command space 73 or in another space (see 
10 reference numerals [5], [6]). 

[0182] Further, if a request for access to the access 
space 72 (at addresses "4000" to MFFF," see reference 
numerals 32B-1, 32C-1) occurs during the above com- 
mand processing, the request for access Is posted to 
IS the accepting portion 22 operating in the OS space 31 
(see reference numeral [7]). 

[01 83] When the accepting portion 22 takes as Input 
the request for access to the access space 72 (space 
switching instruction), the accepting portion 22 sets the 
20 stale of the control register 24a to the OS space 31 , and 
captures (catches) an instruction code showing the 
space switching instruction. 

[0184] Subsequently, the area control portion 23 
takes as input the code information of the space switch- 
es ing instruction (see reference numeral [8]) from the 
above accepting portion 22, and retrieves and extracts 
address information corresponding to the space switch- 
ing instruction from the address table 23a-2 pointed to 
the space table 23a. Moreover the protection flag 35 
30 (see Fig. 18) is given in the address Information of the 
area under the write protection and the read protection. 
[01 85] Thereby the area control portion 23 sets in the 
control register 24a the necessary Information set in the 
space table 23a (see reference numeral [9]), and re- 
35 quests the instruction executing portion 21 to perform 
processing according to the corresponding address in- 
formation (see reference numeral [10J). 
[0186] Specifically, the area control portion 23 ex- 
tracts, depending upon the space switching instruction 
40 from the accepting portion 22, the. area of the memory 
30 for corresponding processing from the address table 
23a-2. The instruction executing portion 21 accepts the 
request from the area control portion 23 by specifying 
the area of the memory 30. and has access to the ex- 
45 traded area of the memory 30, thereby performing the 
processing corresponding to the above space switching 
information. The control is thereby transferred from the 
OS space 31 to the access space 72 (see reference nu- 
meral {10']). 

so [01 87] That is. when the control is transferred from the 
OS space 31 to the command space 72, prior to the re- 
quest for the processing to the instruction executing por- 
tion 21 . the area control portion 23 sets the space mode 
information 54, the status information 55, and the space 
55 area Information 57 of the control register 24a. 

[01 88] Specifically the space mode Information 54 Is 
set to "A" showing the access space 72. In the status 
information 55. the command status Is not set (■-■). and 
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the method for specifying the memory 30 is set to "AD" 
showing the addressing. The space area infornnation 57 
is set to the access space 72 (at the addresses '4000" 
to "4FFF"). 

[0189] For example, in the IC card 10 applied to the 
above electronic money application, the space switch- 
ing is made from the OS space 31 to the access space 
72 during the prcx:essing in the command space 73, 
thereby executing, for example, the program informa- 
tion stored at the address "4000" serving as the area of 
the memory 30. 

[0190] As stated above, the instruction executing por- 
tion 21 accepts the command processing request from 
the area control portion 23 by specifying the area of the 
memory 30, and performs the processing by having ac- 
cess to the corresponding area of the memory 30. At the 
point in time, the instruction executing portion 21 detects 
the presence or absence of the protection flag 35 for 
each page, thereby controlling whether the Instruction 
execution is to be enabled or disabled. 
[0191] Further, depending upon the access space 72 
(at the addresses '•4000" to "4FFF,' see reference nu- 
meral 32B-1 in Fig. 8) set in the space area 57 of the 
control register 24a, the area monitoring portion 24 mon- 
itors whether, during the execution of instruction, the in- 
struction executing portion 21 has access to an address 
in the above command space 73 or In another space 
(see reference numerals [11], [12]). 

(F2) Description of Illustrative Switching Operation 
Between Access Space and Command Space 

[0192] When the IC card 10 accepts a command 

about an eleictronic money application processing re- 
quest from the host apparatus 40, the processing in the 
' command space 73 (see reference numeral 33C-1 in 
Fig. 8) is performed in the instruction executing portion 

21 as in the above discussion (see reference numerals 
[ 1 ] to [6], and [4'] In Fig. 20). Moreover, the process steps 
[1] to [6], and [4'] shown In Fig. 20 correspond to the 
process steps [1] to [6], and [4*] shown in Fig. 19. 
[0193] Here, in the above instruction executing por- 
tion 21 , while the command processing is performed, a 
request (area extension request) to extend the com- 
mand space 73 to an extended command space 73A (at 
addresses '3000" to "3FFF,' see reference numeral 
33C-11 In Fig. 8) nnay occur. In this case, the area ex- 
tension request is posted to the accepting portion 22 op- 
erating in the OS space 31 (see reference numeral [7]). 
[0194] When the accepting portion 22 takes as input 
a request for access to the extended command space 
73A (area extension instruction), the accepting portion 

22 sets the state of the control register 24a to the OS 
space 31, and captures (catches) an instruction code 
showing the area extension instruction. 

[0195] Subsequently, the area control portion 23 
takes as input the code information of the area extension 
Instruction from the above accepting portion 22 (see ref- 



erence numeral [8]), and retrieves and extracts address 
information corresponding to the area extension instruc- 
tion from the address table 23a-2 pointed to the space 
table 23a. Moreover, the protection flag 35 (see Fig. 18) 

s is given in the address information of the area under the 
write protection and the read protection. 
[01 96] Thereby, the area control portion 23 sets In the 
control register 24a the necessary information set In the 
space table 23a (see reference numeral [9]), and re- 

10 quests the instruction executing portion 21 to perform 
processing according to the conresponding address in- 
formation (see reference numeral [10]). 
[0197] Specifically, the area control portion 23 ex- 
tracts, depending upon the area extension instructbn 

>5 from the accepting portion 22, the area of the memory 
30 for corresponding processing from the address table 
23a-2. The instruction executing portion 21 accepts the 
request from the area control portion 23 by specifying 
the area of the memory 30, and has access to the ex- 

20 tracted area of the memory 30, thereby performing the 
processing corresponding to the above area extension 
informatbn. The control is thereby transferred from the 
OS space 31 to the extended command space 73A (see 
reference numeral [10*]). 

^5 [01 98] Moreover, when the control is transferred from 
the OS space 31 to the extended command space 73A, 
prior to the request for the processing to the instruction 
executing portion 21 , the area control portion 23 sets 
the space mode infornriation 54. the status information 

30 55, and the space area information 57 of the control reg- 
ister 24a. 

[01 99] Specifically, the space mode information 54 is 
set to 'A' showing the command space. In the status 
information 55, the command status is set to "E" show- 

35 ing the extended command, and the method for speci- 
fying the memory 30 is set to "AD" showing the address- 
ing. The space area information 57 is set to the extended 
command space 73A (at addresses "2000" to "3FFF"). 
[0200] Moreover, the instruction executing portion 21 

40 accepts the extended command processing request 
from the area control portion 23 by specifying the area 
of the memory 30, and performs the processing by hav- 
ing access to the corresponding area of the memory 30. 
At the point in time, the instruction executing portion 21 

45 detects the presence or absence of the protection flag 
35 for each page, thereby controlling whether the in- 
struction execution Is to be enabled or disabled. 
[0201] Further, depending upon the extended com- 
mand space 73A (at the addresses "2000" to "3FFF," 

so see reference numeral 33C-1 1 in Fig. 8) set in the space 
area 57 of the control register 24a, the area monitoring 
portion 24 monitors whether, during the execution of in- 
struction, the instruction executing portion 21 has ac- 
cess to an address in the above extended command 

55 space 73A or in another space (see reference numerals 
[111.112]). 
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(F3) Description of Illustrative Switching Operation 
Between Shared Access Space and Shared Command 
Space 



[0202] As shown in Fig. 21 . in the IC card 10, among 
commands about an electronic money application 
processing request from the host apparatus 40. a com- 
mand corresponding to a shared command space 73B 
(see reference numeral 3X-3 in Fig. 8) is processed in 
the shared command space 73B. 
[0203] Specifically, when the accepting portion 22 
takes as input the command infomnation (or Instruction 
information) from the host apparatus 40 (see reference 
numeral [1]). the accepting portion 22 sets the state of 
the control register 24a to the OS space 31 . and assem- 
bles a message (command information) through an un- 
illuslrated communication mechanism. 
[0204] Subsequently, the area control portion 23 
lakes as inputs the code information (command code) 
about Ihe command and Ihe information (AID) for iden- 
liffcation of application (see reference numeral [2]). By 
referring to the space table 23a depending upon the 
AID the area control portion 23 sets in the control reg- 
isicr 24a the necessary information set in the area of the 
space table 23a corresponding to the AID (see refer- 
ence numeral [3]), and extracts an area of the memory 
30 corresponding to the above command information so 
as to request the instruction executing portion 21 to per- 
form the processing (see reference numeral [4]). 
[0205] Specifically, the area control portion 23 ex- 
iracts the shared command space 73B (at, for example, 
addresses -2000' to "2FFF") also available for com- 
mand processing in another application processing as 
the area of the memory 30 for the corresponding 
processing by referring to the address table 23a-2 point- 
ed to the space table 23a depending upon the command 
information from the accepting portbn 22. Moreover, the 
protection flag 35 (see Fig. 18) is given in the address 
information of the area under the write protection and 
the read protection. 

[0206] The instruction executing portion 21 accepts 
the request from the area control portion 23 by specify- 
ing the area of the memory 30. and has access to the 
extracted area of the memory 30, thereby performing 
the processing corresponding to the above command 
information. The control is thereby transferred from the 
OS space 31 to the command space 73 (see reference 
numeral [41). 

[0207] Moreover, when the control is transferred from 
the OS space 31 to the shared command space 73. prior 
to the request for the processing to the instruction exe- 
cuting portion 21, the area control portion 23 sets the 
space mode information 54. the status information 55. 
and a shared space area 56 of the control register 24a 
(see Fig. 7). 

[0208] Specifically, the space mode information 54 is 
set to "C showing the command space. In the status 
information 55. the command status is set to "N" show- 



ing the normal command, and the method for specifying 
the memory 30 is set to "AD" showing the addressing. 
The shared space area information 56 is set to the 
shared command space 738 (at addresses "2000" to 
5 "3FFF"). 

[0209] As described above, the instruction executing 
portion 21 accepts the command processing request 
from the area control portion 23 by specifying the area 
of the memory 30. and performs the processing by hav- 
10 ing access to the corresponding area of the memory 30. 
At the point in time, the instruction executing portion 21 
detects the presence or absence of the protection flag 
35 for each page, thereby controlling whether the in- 
struction execution is to be enabled or disabled. 
15 [0210] Depending upon the shared command space 
73B (at the addresses •2000" to "SFFF." see reference 
numeral 33C-3 in Fig. 8) set in the space area 57 ot the 
control register 24a, the area monitoring portion 24 mon- 
itors whether, during the execution of instruction, the in- 
20 struction executing portion 21 has access to an address 
in the above command space 73 or In another space 
(see reference numerals [5], [6]). 
[0211] Further in the above instruction executing por- 
tion 21 , while the command processing is performed, a 
2S request for access to the shared access space 720 (at 
addresses "4000" to "4FFF," see reference numerals 
32B-3, 32C-3 in Fig. 8) nnay occur. In this case, the re- 
quest for access is posted to the accepting portion 22 
operating in the OS space 31 (see reference numeral 
30 [7]). 

[0212] When the accepting portion 22 takes as input 
the request for access to the shared access space 72B 
(space switching instruction), the accepting portion 22 
sets the state of the control register 24a to the OS space 
35 31 , and captures (catches) an instructbn code showing 
the space switching instruction. 
[0213] Subsequently, the area control portion 23 
takes as input the code information of the space switch- 
ing instruction from the above accepting portion 22 (see 
40 reference numeral [8]). and retrieves and extracts ad- 
dress information corresponding to the space switching 
instojction from the shared address table 23a-3 pointed 
to the space table 23a. Moreover, the protection flag 35 
(see Fig. 18) is given in the address information of the 
45 area under the write protection and the read protection. 
[021 4] Thereby, the area control port ton 23 sets in the 
control register 24a the necessary information set in the 
space table 23a (see reference numeral [9]). and re- 
quests the instruction executing portion 21 to perform 
so processing according to the corresponding address in- 
formation (see reference numeral [10]). 
[0215] Specifically, the area control portion 23 ex- 
tracts, depending upon the space switching instruction 
from the accepting portion 22, the area of the memory 
65 30 for corresponding processing from the address table 
23a-2. The instruction executing portion 21 accepts the 
request from the area control portion 23 by specifying 
the area of the memory 30. and has access to the ex- 
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tracted area of the memory 30. thereby performing the 
processing corresponding to the above space switching 
information. The control is thereby transferred from the 
OS space 31 to the shared access space 72B (see ref- 
erence numeral [10']). 

[0216] Thatis, when the control is transferred from the 
OS space 31 to the shared access space 72B, prior to 
the request for the processing to the instruction execut- 
ing portion 21 , the area control portion 23 sets the space 
mode information 54, the status information 55, and the 
space area information 57 of the control register 24a. 
[0217] Specifically, the space mode information 54 is 
: set to "A" showing the shared access space 72B. In the 
status information 55, the command status is not set ("- 
and the method for specifying the memory 30 is set 
to "AD" showing the addressing. The shared space area 
information 56 is set to the shared access space 72B 
(at addresses "4000" to "4FFF"). 
[0218] For example, in the 10 card 10 applied to the 
above electronic money application, the space switch- 
ing is made from the OS space 31 to the shared access 
space 72B during the processing in the shared com- 
mand space 738, thereby executing, for example, the 
program Information stored at the address "4000" serv- 
ing as the area of the memory 30. 
[021 9] As stated above, the instruction executing por> 
tion 21 accepts the command processing request from 
the area control portion 23 by specifying the area of the 
memory 30. and performs the processing by having ac- 
cess to the corresponding area of the memory 30. At the 
point in time, the instruction executing portion 21 detects 
the presence or absence of the protection flag 35 for 
each page, thereby controlling whether the instruction 
execution is to be enabled or disabled. 
[0220] Further, depending upon the shared access 
space 728 (at the addresses "4000" to "4FFF," see ref- 
erence numerals 328-3, 32C-3 in Fig. 8) set in the 
shared space area information 56 of the control register 
24a, the area monitoring portion 24 monitors whether, 
during the execution of instruction, the instruction exe- 
cuting portion 21 has access to an address in the above 
shared access space 72 B or in another space (see ref- 
erence numerals [11], [12]). 

(F4) Description of Illustrative Switching Operation 
Between Access Space and Command Space 

[0221] As shown in Fig. 22, in the IC card 10, if an 
electronic money application processing request from 
the host apparatus 40 is a command corresponding to 
the shared command space 738 (see reference numer- 
ar33C-3 in Fig. 8), the processing in the shared com- 
mand space 73B (see reference numeral 33C-3 in Fig. 
8) is perfomn.ed in the instruction executing portion 21 
as in the above case (see Fig. 20) (see reference nu- 
merals [1] to [6], and [4'] in Fig. 22). Moreover, the proc- 
ess steps [1] to [6], and [4'] shown in Fig. 22 correspond 
to the process steps [1 ] to [6]. and (4'] shown In Fig. 21 . 



[0222] Here, in the above instruction executing por- 
tion 21 , while the command processing is performed, a 
request (area extension request) to extend the shared 
command space 738 (at addresses "2000" to "2FFF." 

s see reference numeral 33C-3 in Fig. 8) to a shared ex- 
tended command space 73C (at addresses "2000" to 
"3FFF," see reference numeral 33C-31 in Fig. 8) may 
occur. In this case, the area extensbn request is posted 
to the accepting portion 22 operating in the OS space 

10 31 (see reference numeral [7]). 

[0223] When the accepting portion 22 takes as input 
the request for access to the shared extended command 
space 73C (area extension instruction), the accepting 
portion 22 sets the state of the control register 24a to 

15 the OS space 31 , and captures (catches) an instruction 
code showing the area extension instruction. 
[0224] Subsequently, the area control portion 23 
takes as Input the code information of the area extension 
Instruction from the above accepting portion 22 (see ref- 

20 erence numeral [8]), and retrieves and extracts address 
information corresponding to the area extension instruc- 
tion from the shared address table 23a-3 pointed to the 
space table 23a. f^oreover, the protection flag 35 (see 
Fig. 18) Is given in the address information of the area 

25 under the write protection and the read protectbn. 
[0225] Thereby, the area control portion 23 sets in the 
control register 24a the necessary information set in the 
space table 23a (see reference numeral [9]). and re- 
quests the instruction executing portion 21 to perform 

30 processing according to the corresponding address in- 
formation (see reference numeral [10]). 
[0226] Specifically, the area control portion 23 ex- 
tracts, depending upon the area extension instruction 
from the accepting portion 22, the area of the memory 

55 30 for the corresponding processing from the shared ad- 
dress table 23a-3. The Instruction executing portion 21 
accepts the request from the area control portion 23 by 
specifying the area of the memory 30, and has access 
to the extracted area of the memory 30. thereby per- 

40 forming the processing corresponding to the above area 
extension Information. The control is thereby transferred 
from the OS space 31 to the shared extended command 
space 73C (see reference numeral [10']). 
[0227] That is, when the control is transferred from the 

45 OS space 31 to the shared extended command space 
73C, prior to the request for the processing to the In- 
struction executing portion 21 . the area control portion 
23 sets the space mode information 54, the status infor- 
matbn 55, and the shared space area information 56 of 

50 the control register 24a. 

[0228] Specifically, the space mode Information 54 Is 
set to "A" showing the command space. In the status 
information 55, the command status is set to "K" show- 
ing the shared extended command, and the method for 

55 specifying the memory 30 Is set to "AD" showing the ad- 
dressing. The shared space area Information 56 is set 
to the shared extended command space 73C (at ad- 
dresses "2000" to "SFFF"). 
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[0229] Moreover, the instruction executing portion 21 
accepts the command processing request from the area 
control portion 23 by specifying the area of the memory 
30 and performs the processing by having access to 
the corresponding area of the memory 30. At the point 
in time the instruction executing portion 21 detects the 
presence or absence of the protection flag 35 for each 
page, thereby controlling whether the instruction execu- 
tion is to be enabled or disabled. 
[0230] Further, depending upon the shared extended 
command space 73C (at the addresses -2000" to -SFFF. 
• see reference numeral 33C-31 in Fig. 8) set in the 
space area 56 of the control register 24a, the area mon- 
itoring portion 24 monitors whether, during the execution 
of instruction, the instnjction executing portion 21 has 
access to an address in the above shared extended 
command space 73C or in another space (seereference 
numerals [11], [121). 

[0231] As set forth above, according to the embodi- 
ment, there are provided the instruction executing por- 
tion 21 the area control portion 23, and the area moni- 
toring portion 24. Corresponding to the area of the mem- 
ory 30, there are set the access space 72 for the oper- 
ation of the access control, the command space 73 for 
the operation of the command, and the OS space 31 for 
the supewisory control of the processing in the access 
space 72 and the command space 73. When the 
processing request from the host apparatus 40 is ac- 
cepted in the OS space 31 , the operatbn can he trans- 
ferred from the OS space 31 to the access space 72 or 
the command space 73 such that the instruction execut- 
ing portion 21 can process the processing request. In 
order to maintain the security function of the stored data, 
an area for the operation of the CPU 20 is restrictively 
preset in the menrary at a time of execution of the pro- 
gram for realizing one application function. It is thereby 
possible to prevent data to be managed by other appli- 
cation functions from beingf etched. As a result, it is pos- 
sible to protect encryption algorithm/l^ey/cryptographic 
processing unique to each application from falsification 
through other applications. 

[0232] For example, data to be managed by the elec- 
tronic money application is prevented from being 
fetched through the medical infomiation application. It 
is thereby possible to protect data to be managed by 
eaph application even when the user loads an optional 
application. 

[0233] Further, it is possible to extend the comnnana 
space 73 depending upon the declaration made to the 
supervisory control space while the command space 73 
is active. Hence, for example, at the time of collation of 
authentication information, it is also possible to provide 
security (black box) in a part of the same application as 
long as the area which can not be written by a user other 
than authenticated program developers is set as the ex- 
tended area serving as the black box. Thus, it is possible 
to avoid falsification of the program, and avoid falsifica- 
tion of an encryption algorithm, a key. or cryptographic 



processing for collation of authentication infom^atioa 
[0234] Further, it is possible to partially define, as the 
mutually shared space, the access space set according 
to division for each application or the command space 
s in which the command execution is enabled. As a result, 
there are advantages in that a space sharing control can 
be realized between the access space 72 and the com- 
mand space 73, and the memory area can effectively 

be used. , 
70 [0235] Further, the IC card 10 is issued by the authen- 
tication infomiation posting step, the collation decision 
step, and the issuing step (or the write operation step). 
Since the authentication information is set when the IC 
chip/IG card is manufactured, there is an advantage in 
IS that for example, falsification of the medium can be 
avoided for the period from the manufacture to the issue 
of the card. In addition, since the authentication is per- 
formed based upon the personal authentication card 60, 
there is another advantage in that, for example, an im- 
20 portant program (such as definition of the space areas 
56 57 related to the AID 41 in the space table 23a. and 
space memory dump processing) can be written by only 
the application manager, and so forth. 
[0236] Though the above embodiment has been de- 
2S scribed in detail with reference to the case where the 
present invention is applied to the IC card, it is to be 
noted that the present inventbn should not be limited to 
this, and may be applied to any type of portable card 
medium other than the IC card. 

30 



Claims 

1 A portable card medium in which a memory con- . 

35 ' tains a plurality of programs to be executed in re- 
sponse to various application processing requests 
from a host apparatus (7) and data used for execu- 
tion of the programs, and the respective programs 
are executed in an executing mechanism (3) de- 

40 pending upon the stored programs and data, there- 
by processing a desired application processing re- 
quest from the host apparatus, and the portable 
card medium comprising: 

45 an accepting mechanism (4) to accept the ap- 

plication processing request from the host ap- 
paratus; 

an area control mechanism (5) to extract an ar- 
ea of the memory for processing corresponding 
so to the applicatbn processing request accepted 

by the accepting mechanism (4), and request 
the executing mechanism (3) to perform the 
processing in the extracted area, and 
an area monitoring mechanism (6) to take as 
ss input information of an area having access dur- 

ing the execution of the program in the execut- 
ing mechanism (3). and monitor whether or not 
the processing in the executing mechanism (3) 
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5. 



Is being performed in the area extracted by the 
area control mechanism (5). 

A portable card medium according to claim 1, 
wherein the area control mechanism comprises an 
area table previously containing area information 
used for performing the processing in the executing 
mechanism according to the type of application 
processing, and refers to the area table according 
to the type of application processing request ac- 
cepted by the accepting mechanism, thereby ex- 
tracting an area of the memory for processing cor- 
responding to the application processing request. 

A portable card medium according to claim 2, 
wherein the area table can be configured to set an 
area corresponding to an access space for storage 
of data used for the application accepted by the ac- 
cepting mechanism and for the operation of an ac- 
cess control in the program, and an area corre- 
sponding to a command space for the operation of 
a command used for processing other than the ac- 
cess control In the program. 

A portable card medium according to claim 2, 
wherein the area control mechanism is configured 
to extract the area of the memory for the processing 
corresponding to the application processing re- 
quest accepted by the accepting mechanism de- 
pending upon address infomnation or page Informa- 
tion by referring to the area table. 

A portable card medium according to claim 2, 
wherein the area monitoring mechanism comprises 
a register portion containing the area of the memory 
extracted by the area control mechanism, and Is 
configured to monitor whether or not the processing 
in the executing mechanism is being performed de- 
pending upon Infonnatlon stored in the register por- 
tion. 



various application processing requests from a host 
apparatus and data used for execution of the pro- 
grams, and the programs are executed in the exe- 
cuting mechanism depending upon the stored pro- 
5 grams and data, thereby processing a desired ap- 
plication processing request from the host appara- 
tus, the method for nnanaging the memory space of 
the portable card medium comprising the steps of: 

70 setting, corresponding to an area of the mem- 

ory, an access space for storage of data used 
by the application and for the operation of an 
access control in the program, a command 
space for the operation of a command used for 

75 processing other than the access control in the 

program, and a supervisory control space for a 
supen/isory control of the processing In the ac- 
cess space and the command space; and 
when a processing request from the host appa- 

20 ratus is accepted in the supervisory control 

space, transferring the operation from the su- 
pervisory control space to the access space or 
the command space such that the executing 
mechanism can process the processing re- 

25 quest. 

9. A method for managing a memory space of a port- 
able card medium according to claim 8, wherein, for 
a plurality of application processinp, the memory 
30 can contain the programs for the plurality of appli- 
cation processing and the data used for execution 
of the programs, while the access space and the 
command space can be set for each application. 

35 10. A method for managing a memory space of a port- 
able card medium according to claim 9, wherein an 
area for accessible data and an area for a program 
allowing an access control can be set In the access 
space according to division for each of the applica- 

40 tions. 



6. A portable card medium according to claim 2, 
wherein the area table contains, for each type of the 
application processing request from the host appa- 
ratus, authentication information used to decide 
whether or not the application processing request 
can be accepted. 

7. A portable card medium according to claim 2, 
wherein the area control mechanism stores, in the 
area table, identification information used for iden- 
tification of the application processing, and con- 
tained in the preceding application processing re- 
quest accepted by the accepting mechanism. 

8. I n a method for managing a memory space of a port- 
able card medium In which a memory contains a 
plurality of programs to be executed in response to 



11. A method for managing a memory space of a port- 
able card medium according to claim 10, wherein a 
part of the access space set according to division 
for each of the applications is defined as a mutually 
shared space. 

12. A method for managing a memory space of a port- 
able card medium according to claim 9, wherein a 

so program area in which command execution is ena- 
bled can be set in the command space according 
to division in application units. 

13. A method for managing a memory space of a port- 
55 able card medium according to claim 12, wherein a 

part of the command space set according to division 
for each of the applications Is defined as a mutually 
shared space. 
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1 4 A method for managing a memory space of a port- 
able card medium according to claim 8. wherein the 
command space is extended depending upon a 
declaration made to the supen/isory control space ^ 
while the command space is active. 

IS. A method for issuing a portable card medium com- 
prising. 

when the portable card medium is issued in »o 
which a memoiy contains a plurality of pro- 
grams to be executed in response to various 
application processing requests from the host 
apparatus and data used for execution of the 
prograrm. and the programs are executed in « 
the executing mechanism depending upon the 
stored programs and data, thereby processing 17. 
a desired application processing request from 
the host apparatus. 

an authentication informaton posting step of 
posting authentication information inherent in 
the host apparatus capable of issuing the card 
medium to an external card medium containing 
authentication information; • 
a collation decision step of. in the external card 
medium, collating for authentication the au- 
thentication information posted in the authenti- 
cation information posting step with the authen- 
tication information stored in the external ca'd 
medium, and deciding whether or not the card 30 
medium can be issued through the host appa- 
ratus; and 

an issuing step of issuing the desired card me- 
dium through the host apparatus when it is de- 
cided that the card medium can be issued as a as 
result of decision in the collation decision step. 

16. A method for writing program data on a portable 
card medium comprising: ^ 

when an external apparatus writes program da- 
ta on the memory of the portable card medium 
in which the memory contains a plurality of pro- 
grams to be executed in response to various 

application processing requests from the host 
apparatus and data used tor execution of the 
programs, and the programs are executed in 
the executing mechanism depending upon the 
stored programs and data, thereby processing 
the desired application processing request 
from the host apparatus, 
an authentication information posting step of 
posting authentication information of the exter- 
nal apparatus to the card medium, and posting 
authentication infomnation of the card medium 
to the external apparatus; 
a collation decision step of, in the external ap- 
paratus, collating for authentication the authen- 
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tication information posted from the card medi- 
um with the authentication information stored 
in the external apparatus, and, in the card me- 
dium, collating for authentication the authenti- 
cation informatton posted from the external ap- 
paratus with the authentication information 
stored in the card medium, thereby deciding 
whether a write operation of the program data 
by the external apparatus is to be enabled or 
disabled; and 

a write operation step of, in the card medium, 
performing the write operation through the ex- 
ternal apparatus when it is decided that the pro- 
gram data can be written as a result of decision 
in the collation decision step. 

A computer readable recording medium with a 
memoiy space management program recorded 
therein compr ising the memory space management 
program recorded for, 

when a memory space is managed in a com- 
puter in which a memory contains a plurality of 
programs to be executed in response to vanous 
application processing requests from a host ap- 
paratus along with data used for execution of 
the programs and the programs are executed 
In an executing mechanism depending upon 
the stored programs and data, thereby 
processing the desired application processing 
request from the host apparatus, 
causing the computer to realize: 
a space setting function of setting in an area of 
the memory an access space for storage of da- 
ta used by the application and for the operation 
of an access control in the program, a com- 
mand space for the operation of a command for 
processing other than the access control in the 
program, and a supervisory control space for a 
supen/isory control of processing in the access 
space and the command space; and 
a space control function of transferring, when a 
processing request from the host apparatus is 
accepted in the supervisory control space, the 
operation from the supervisory control space to 
the access space or the command space such 
that the executing mechanism can process the 
processing request. 
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